If you do need to run plug-ins, make sure you enable click-to-play.
Last week, we published a blog previewing the VB2014 paper ‘Optimized mal-ops. Hack the ad network like a boss’ by Bromium researchers Vadim Kotov and Rahul Kashyap. In the paper, they show how purchasing ad space from legitimate ad servers, and using it to serve malicious ads, gives malware authors a lot more opportunities to spread their malicious creations than exploit kits ever did.
As if the paper didn’t make this point strongly enough already, Fox-IT researcher Yonathan Klijnsma has discovered a campaign that served malicious ads on a number of prominent websites, including tmz.com, ibtimes.com and java.com. In all cases, vulnerable users were infected without having to click on the ads: merely loading a page that carried the ad was enough.
There is some irony in the malware being served on java.com, as exploits targeting the Java browser plug-in are commonly used to serve malware. Exploit kits these days tend to focus mostly on Flash and Silverlight exploits, but the Java plug-in remains a target, and few people actually need it; uninstalling it is much easier than always making sure you have the latest version running. If you do need the Java plug-in, at the very least you should take advantage of click-to-play, so that the plug-in only runs on a page when you explicitly allow it to, rather than whenever an ad or page asks for it.
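To make the "infected without clicking" point concrete, the following is an added example (not code from the original post, and not Fox-IT's or Bromium's): the kind of plug-in fingerprinting a malicious ad can run silently before deciding what to serve. It reads only navigator.plugins and navigator.mimeTypes, which any script on the page can do. Run fingerprintPlugins(navigator) in a browser console to see what an ad script sees; the navigator-like objects at the bottom are constructed stand-ins, and the MIME-type strings assume the form the Java plug-in registered (application/x-java-applet;jpi-version=…).

```javascript
// Added example, not code from the original post: plug-in fingerprinting of
// the sort a malicious ad can run before choosing what to serve. It reads
// only navigator.plugins and navigator.mimeTypes, so it needs no click.
// Call fingerprintPlugins(navigator) in a browser console to see what an ad
// script sees; the objects at the bottom are constructed stand-ins.

// Plug-in names / MIME types as the real plug-ins register them.
const SIGNATURES = {
  java:        { plugin: /java/i,            mime: /^application\/x-java-applet/i },
  flash:       { plugin: /shockwave flash/i, mime: /^application\/x-shockwave-flash/i },
  silverlight: { plugin: /silverlight/i,     mime: /^application\/x-silverlight/i },
};

// The Java plug-in registers one MIME type per installed JRE carrying the
// exact build, e.g. "application/x-java-applet;jpi-version=1.7.0_45";
// the other plug-ins put their version in the plugin description.
function detectVersion(name, plugin, mimes) {
  if (name === "java") {
    for (const m of mimes) {
      const hit = /jpi-version=([\d._]+)/.exec(m.type || "");
      if (hit) return hit[1];
    }
  }
  const hit = plugin ? /(\d+(?:\.\d+)+)/.exec(plugin.description || "") : null;
  return hit ? hit[1] : null;
}

// Returns e.g. { java: { version: "1.7.0_45" }, flash: { version: "14.0" } }
// for whatever the browser exposes; an empty object means nothing to target.
function fingerprintPlugins(nav) {
  const plugins = Array.from(nav.plugins || []);
  const mimes = Array.from(nav.mimeTypes || []);
  const found = {};
  for (const [name, sig] of Object.entries(SIGNATURES)) {
    const plugin = plugins.find(p => sig.plugin.test(p.name || ""));
    const mime = mimes.find(m => sig.mime.test(m.type || ""));
    if (!plugin && !mime) continue; // not installed, nothing to exploit
    found[name] = { version: detectVersion(name, plugin, mimes) };
  }
  return found;
}

// Field-by-field numeric comparison; Java's "1.7.0_45" update separator is
// treated like a dot. True when `version` is older than `reference`.
function isOlderThan(version, reference) {
  const a = version.split(/[._]/).map(Number);
  const b = reference.split(/[._]/).map(Number);
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    const x = a[i] || 0, y = b[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Constructed sample data (not captured from a real browser): a machine with
// an out-of-date Java 7 plug-in and Flash installed.
const SAMPLE_NAV_WITH_PLUGINS = {
  plugins: [
    { name: "Java(TM) Platform SE 7 U45",
      description: "Next Generation Java Plug-in 10.45.2 for Mozilla browsers" },
    { name: "Shockwave Flash", description: "Shockwave Flash 14.0 r0" },
  ],
  mimeTypes: [
    { type: "application/x-java-applet;jpi-version=1.7.0_45" },
    { type: "application/x-java-applet;version=1.7" },
    { type: "application/x-shockwave-flash" },
  ],
};
// The same machine after the plug-ins have been uninstalled.
const SAMPLE_NAV_CLEAN = { plugins: [], mimeTypes: [] };

console.log(fingerprintPlugins(SAMPLE_NAV_WITH_PLUGINS));
console.log(fingerprintPlugins(SAMPLE_NAV_CLEAN));
```

Uninstalling a plug-in removes it from these lists altogether, which is why it is the stronger option. Click-to-play stops the plug-in from being instantiated without your consent, but in the browsers of the time it could still leave the plug-in enumerable here, so an ad script may still learn that an old Java is installed even if it can no longer launch it without a click.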
Don’t really see what the fuss about http://t.co/LDlj3oPUhx serving malware is, http://t.co/Usv5obaLF4 has been doing that for ages. — Andreas Lindh (@addelindh), October 27, 2013
As Yonathan points out, there is no silver bullet to protect yourself from malvertising, and he too highlights the importance of click-to-play, as well as uninstalling unnecessary plug-ins and keeping those that are needed up to date.
Posted on 28 August 2014 by Martijn Grooten